Apple loses one, gains one in employee shuffle
Long-time Apple executive Pablo Calamera has left Apple in favor of a CTO gig elsewhere, while former Mozilla security chief Window Snyder started work at 1 Infinite Loop on Monday. Pablo will become the CTO at Thumbplay, a company specializing in ringtones and streaming music, while Snyder will work as a senior security product manager at Apple.
According to the Thumbplay announcement, Calamera served as director of MobileMe service while at Apple. Despite the service’s less-than-stellar reputation during his time there, Thumbplay saw fit to scoop up Calamera. The newly branded CTO spent time at Danger Inc. and WebTV Networks, among others, before joining Apple.
As noted by PC World (http://www.pcworld.com/article/190524/exmozilla_security_chief_takes_job_at_apple.html), the Snyder hire comes on the heels of her time managing security consultants at Microsoft and working on Windows XP and 2003 Server. What Snyder will do at Apple remains unclear, but the two variants of Safari (Windows and Mac) or the iPhone OS seem to be likely candidates for her expertise.
Security flaw puts iPhone users at risk of phishing attacks
When Apple introduced iPhone OS 3.0, it attempted to beef up the security of over-the-air enterprise management of iPhones by adding support for Cisco Systems’ Simple Certificate Enrollment Protocol (SCEP). However, a flaw in the implementation of the standard could allow hackers to offer mobile configuration files that appear to be from a legitimate source, but may otherwise set your iPhone to access malicious servers.
Ars spoke with a mobile security expert who discovered the problem (who asked to remain anonymous because he did not have approval to talk about the issue). He told Ars that the issue is one of trust: “Who would you trust to change your iPhone configuration over the air? Your carrier? Your company? Your IT security admin?” he asked. Apple uses SCEP as a way for the iPhone to check in with a certificate server to verify that a mobileconfig file has been signed by a trusted source, but flaws in the set-up on the iPhone mean that the process doesn’t always work as intended.
etc: Apple has just released its first Security Updates for 2010. They’re available for Snow Leopard, Leopard, and Leopard Server. Staying up-to-date and secure is important, mmkay?
Read More:
Snow Leopard, Leopard, Leopard Server
etc: Kaspersky Lab is questioning what’s going on with Apple’s…
Kaspersky Lab is questioning what’s going on with Apple’s malware tools in Snow Leopard. New malware signatures have not been added in quite a while.
Read More:
Threatpost
iPhone gaining in enterprise IT, still needs OTA management
Its sleek design, elegant interface, and trove of mobile apps have made the iPhone one of the top smartphone choices for consumers. Corporate IT departments have been a different story, as Apple has done little to actively court the enterprise. While many admins are waiting for improved security and over-the-air management tools, the steady improvements Apple has made to the platform over the last couple of years have made the iPhone a workable mobile solution for some corporate enterprises.
Getting there hasn’t been easy. Apple released the original iPhone in 2007 with essentially no enterprise-friendly features. iPhone OS 2.0 brought with it support for Microsoft’s Exchange servers via licensed ActiveSync compatibility. ActiveSync also enabled remote wiping of an iPhone containing sensitive data that might have gotten into the wrong hands. The release also ushered in the era of third-party native iPhone apps, including direct ad hoc provisioning.
iPhone OS 3.0 went even further, adding a number of oft-requested features to benefit corporate users, such as: LDAP support for contacts, wireless CalDAV syncing, improved VPN support, improved Exchange support for meeting invites, encrypted backups, a variety of security and authentication protocols, additional device restrictions that include disabling the camera, and additional management capabilities with the latest version of iPhone Configuration Utility.
Latest jailbroken iPhone worm tries filching bank passwords
The second malicious worm to attack jailbroken iPhones has been spotted in the wild, and is the first to directly target users’ bank accounts. Called iBotnet.A by security research firm Intego, the worm tries to steal account logins from customers of popular online banking service ING Direct. Though it only affects iPhones that have been jailbroken by the user with SSH installed, this is clearly a trend that is growing quickly—and one that Apple isn’t likely to care about until it affects “legit” users.
According to Intego, the malware scans for phones on a local network and a range of IPs with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. This is the same method used by the first malicious iPhone worm that came out earlier this month. The IPs scanned by this particular worm include those in the Netherlands, Portugal, Hungary, and Australia.
Week in Apple: Software updates, jailbroken iPhone worms, and VESA
Mac users got some love from Apple this week in the form of an update to Snow Leopard, as well as one for Safari. But it’s not all good news for Apple fans–hackers are out to get jailbroken iPhone users and those running Atom-based hackintoshes will be stuck on Mac OS X 10.6.1. Read on to get the low-down.
Mac OS X 10.6.2 out now along with Leopard security update: Come and get your Snow Leopard update to 10.6.2! If you’re still on Leopard, though, security fixes are available as well.
Truly malicious iPhone malware now out in the wild: While previous “attacks” on jailbroken iPhones were benign, a variation of the same attack quietly extracts personal data from an infected device. Please, folks, change your default passwords.
Truly malicious iPhone malware now out in the wild
If you didn’t heed previous warnings to secure your jailbroken iPhone, you may be in for some serious trouble. Computer security firm Intego has identified the first known truly malicious code which targets jailbroken iPhones with default root passwords.
The latest in a string of recent attacks, iPhone/Privacy.A uses a technique similar to previous hacks. The malware scans for phones on a given network with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—“e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app.” It then sends the data back to the machine running the software.

